Computer Network | Types of Network address translation (NAT)

Prerequisite – Network address translation (NAT)
Network Address Translation (NAT) is a process in which one or more local IP address is translated into one or more Global IP address and vice versa in order to provide Internet access to the local hosts. NAT generally operates on router or firewall.

Network address translation (NAT) working –
Generally, the border router is configured for NAT i.e the router which have one interface in local (inside) network and one interface in global (outside) network. When a packet traverse outside the local (inside) network, then NAT converts that local (private) IP address to a global (public) IP address. When a packet enters the local network, the global (public) IP address is converted to local (private) IP address.

If NAT run out of addresses, i.e., no address is left in the pool configured then the packets will be dropped and an Internet Control Message Protocol (ICMP) host unreachable packet to the destination is send.

NAT types –
There are 3 types of NAT:

1. Static NAT –
In this, a single private IP address is mapped with single Public IP address, i.e., a private IP address is translated to a public IP address. It is used in Web hosting.



Configuration –

Here is a small topology in which there is PC having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1 and server having IP address 73.1.1.2/24.

Now, inside local and inside global are shown in the figure. Configuring the static NAT through command ip nat inside source static INSIDE_LOCAL_IP_ADDRESS INSIDE_GLOBAL_IP_ADDRESS.

R1(config)# ip nat inside source static 192.168.1.1 12.1.1.1 

Now, we have configure router’s inside interface as IP NAT inside and outside interface as IP NAT outside.

R1(config)# int fa0/0
R1(config-if)# ip nat inside 
R1(config)# int fa0/1
R1(config-if)# ip nat outside 

2. Dynamic NAT –
In this type of NAT, multiple private IP address are mapped to a pool of public IP address . It is used when we know the number of fixed users wants to access the Internet at a given point of time.

Configuration –

There is PC having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1 and server having IP address 73.1.1.2/24.
Now, first configuring the access-list:

R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255 

Configuring the nat pool from which a public IP will be selected.

R1(config)# ip nat pool pool1 12.1.1.1 12.1.1.3 netmask 255.255.255.0 

Now, enabling Dynamic NAT:

R1(config)# ip nat inside source list 1 pool pool1

At last, we have to configure router interfaces as inside or outside.

R1(config)# int fa0/0
R1(config-if)# ip nat inside
R1(config)# int fa0/1
R1(config-if)# ip nat outside

3. Port Address Translation (PAT) –
This is also known as NAT overload. In this, many local (private) IP addresses can be translated to single public IP address. Port numbers are used to distinguish the traffic, i.e., which traffic belongs to which IP address. This is most frequently used as it is cost effective as thousands of users can be connected to the Internet by using only one real global (public) IP address.

Configuration –

Taking the same topology, There is PC1 having IP address 192.168.1.1/24, Router R1 having IP address 192.168.1.2/24 on interface fa0/0, 12.1.1.1/24 on fa0/1 and server having IP address 73.1.1.2/24.
Now, first configuring the access-list:

R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255 

Configuring the nat pool from which a public IP will be selected.

R1(config)# ip nat pool pool1 12.1.1.1 12.1.1.1 netmask 255.255.255.0

Here, note that the nat pool is shrunk to one ip address only and the IP address used is the outside interface ip address of the router. If you have additional IP then you can use that also.
Now, enabling Dynamic NAT overload (PAT):

R1(config)# ip nat inside source list 1 pool pool1 overload

Or we can also use

R1(config)# ip nat inside source list 1 interface fastEthernet 0/1 overload

At last, we have to configure router interfaces as inside or outside.

R1(config)# int fa0/0
R1(config-if)# ip nat inside
R1(config)# int fa0/1
R1(config-if)# ip nat outside


My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please write comments if you find anything incorrect, or you want to share more information about the topic discussed above.




Practice Tags :
Article Tags :
Please write to us at contribute@geeksforgeeks.org to report any issue with the above content.

Recommended Posts:



2 Average Difficulty : 2/5.0
Based on 1 vote(s)






User Actions